Varun Ganesh created FELIX-5893:
-----------------------------------
Summary: Security bug CVE-2015-9251
Key: FELIX-5893
URL: https://issues.apache.org/jira/browse/FELIX-5893
Project: Felix
Issue Type: Bug
Components: Console
Affects Versions: webconsole-4.3.4
Reporter: Varun Ganesh
Hi Experts,
In our product we are using Sling version 6 in one of our release.(Working
on Migration to Sling 10 for next versions)
Recently we came across a security bug CVE-2015-9251.
(CVE-2015-9251 is a vulnerability to allow an attacker to execute
arbitrary code when text/javascript responses are received from cross-origin
ajax requests not containing the option `dataType`. Its CVSS score is 6.1 in
NVD.).
To fix this an up-gradation of jQuery to versions greater than 3.0.0 is
required.
In our product we are using felix web console dependency which contains
jQuery of version 1.3.2.js.
As part of the fix for the security bug we need to upgrade the jQuery in
the jar that are mentioned above.
For that we checked the latest versions for the above mentioned jars and
identified that the jQuery versions are not above v3.0.0.
So could you please help us in upgrading them as soon as possible.
Thanks,
Varun.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
